A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HBlaauwproducts Remote Kiln Control
APPBlaauwproducts3.0.0≤ 3.0.0
Related vulnerabilities
Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code ...
Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in c...
Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive f...
Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessabl...
Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3...